Lucene search

MitreCVE-2010-5216

HistorySep 06, 2012 - 10:41 a.m.

CVE-2010-5216

2012-09-0610:41:55

mitre

web.nvd.nist.gov

cve-2010-5216

untrusted search path vulnerability

lingo 11.0.1.6

lingo 12.0.2.20

privilege escalation

trojan horse

myuser.dll file

nvd

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

Percentile

5.1%

JSON

Untrusted search path vulnerability in LINGO 11.0.1.6 and 12.0.2.20 allows local users to gain privileges via a Trojan horse myuser.dll file in the current working directory, as demonstrated by a directory that contains a .ltf file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

Nvd

Node

lindolingoMatch11.0.1.6

lindolingoMatch12.0.2.20

VendorProductVersionCPE
lindolingo11.0.1.6cpe:2.3:a:lindo:lingo:11.0.1.6:*:*:*:*:*:*:*
lindolingo12.0.2.20cpe:2.3:a:lindo:lingo:12.0.2.20:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lindo	lingo	11.0.1.6	cpe:2.3:a:lindo:lingo:11.0.1.6:::::::*
lindo	lingo	12.0.2.20	cpe:2.3:a:lindo:lingo:12.0.2.20:::::::*

References

secunia.com/advisories/41573

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2010-5216